Date: Thu, 30 May 2002 19:06:29 -0400
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: Dave Raven <dave@raven.za.net>
Cc: George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw issue with nmap false alarms
Message-ID: <20020530190629.B49830@cowbert.2y.net>
In-Reply-To: <009001c207a9$454c7020$3800a8c0@DAVE>; from dave@raven.za.net on Thu, May 30, 2002 at 09:11:49AM +0200
References: <000001c20789$f19ff060$6301a8c0@visp> <009001c207a9$454c7020$3800a8c0@DAVE>

Allowing all packets from any to any via lo0 will show open ports when
scanning localhost, since with the above rule any packet sent from
localhost to localhost will be accepted (which is what nmap is using
when scanning localhost). I believe the above rule also allows packets
originating from your external IP destined for that same IP. Better to
use a different interface to scan the original one.

On Thu, May 30, 2002 at 09:11:49AM +0200, Dave Raven wrote:
> That is the problem, you're scanning localhost.
> rather scan an external card.
>
> --Dave.
>
> ----- Original Message -----
> From: "Brett Moore" <brett@softwarecreations.co.nz>
> To: <George.Giles@mcmail.vanderbilt.edu>; <freebsd-security@FreeBSD.ORG>
> Sent: Thursday, May 30, 2002 5:27 AM
> Subject: RE: ipfw issue with nmap false alarms
>
> > Others may correct me if I am wrong here.
> >
> > I have had the same 'problem'. I was told/read that nmap may sometimes
> > report the port that it is using as open when run against localhost.
> >
> > Try 2.54BETA34, it's for d/l at the site.
> >
> > Brett
> >
> > > -----Original Message-----
> > > From: owner-freebsd-security@FreeBSD.ORG
> > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of
> > > George.Giles@mcmail.vanderbilt.edu
> > > Sent: Thursday, 30 May 2002 15:06
> > > To: freebsd-security@FreeBSD.ORG
> > > Subject: ipfw issue with nmap false alarms
> > >
> > > nmap reports as expected when scanning the actual ip address, but when run
> > > against localhost various open ports show up.
> > >
> > > Any ideas ?
> > >
> > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > > Interesting ports on localhost (127.0.0.1):
> > > (The 1540 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 21/tcp     open        ftp
> > > 22/tcp     open        ssh
> > > 53/tcp     open        domain
> > > 80/tcp     open        http
> > > 443/tcp    open        https
> > > 1669/tcp   open        netview-aix-9
> > >
> > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> > > bash-2.05$ nmap localhost
> > >
> > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > > Interesting ports on localhost (127.0.0.1):
> > > (The 1540 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 21/tcp     open        ftp
> > > 22/tcp     open        ssh
> > > 53/tcp     open        domain
> > > 80/tcp     open        http
> > > 443/tcp    open        https
> > > 2044/tcp   open        rimsl
> > >
> > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> > > bash-2.05$ nmap localhost
> > >
> > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > > Interesting ports on localhost (127.0.0.1):
> > > (The 1539 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 21/tcp     open        ftp
> > > 22/tcp     open        ssh
> > > 53/tcp     open        domain
> > > 80/tcp     open        http
> > > 443/tcp    open        https
> > > 2003/tcp   open        cfingerd
> > > 3306/tcp   open        mysql
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
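
As an added example (not part of the original thread), this Python script compares the open-port tables from repeated nmap runs such as the three quoted above: ports open in every run are the consistent results to check against the ruleset, while ports that appear in only some runs are the ones to investigate as the scanner artifact Brett describes or as services that changed between runs. The function names are this example's own, and the sample tables are transcribed from the quoted output.

```python
import re
from collections import Counter

# One "open" row of an nmap port table, e.g. "21/tcp open ftp".
# Leading mail quote markers ("> > > ") are tolerated.
PORT_LINE = re.compile(r"^[>\s]*(\d+)/(tcp|udp)\s+open\s+(\S+)", re.M)

# Sample input: port rows transcribed from the three runs quoted in the thread.
COMMON = (
    "21/tcp open ftp\n22/tcp open ssh\n53/tcp open domain\n"
    "80/tcp open http\n443/tcp open https\n"
)
RUNS = [
    COMMON + "1669/tcp open netview-aix-9\n",
    COMMON + "2044/tcp open rimsl\n",
    COMMON + "> > > 2003/tcp open cfingerd\n> > > 3306/tcp open mysql\n",
]


def open_ports(report):
    """Return {(port, proto): service} for every open row in one report."""
    return {(int(p), proto): svc for p, proto, svc in PORT_LINE.findall(report)}


def split_stable_transient(reports):
    """Separate ports open in every run from ports open in only some runs."""
    tables = [open_ports(r) for r in reports]
    seen = Counter(key for table in tables for key in table)
    services = {key: svc for table in tables for key, svc in table.items()}
    stable = sorted(k for k, n in seen.items() if n == len(tables))
    transient = sorted(k for k, n in seen.items() if n < len(tables))
    return stable, transient, services


if __name__ == "__main__":
    stable, transient, services = split_stable_transient(RUNS)
    for label, keys in (("open in every run", stable),
                        ("open in some runs only", transient)):
        print(label + ":")
        for port, proto in keys:
            print(f"  {port}/{proto}  {services[(port, proto)]}")
```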